Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6477

Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.

Related bugs and status

CVE-2013-6477 (Candidate) is related to these bugs:

Bug #1275113: Update to 2.10.9

Summary				In	Importance	Status
	1275113	Update to 2.10.9		pidgin (Ubuntu)	Wishlist	Fix Released

Bug #1365548: Pidgin security updates

Summary				In	Importance	Status
	1365548	Pidgin security updates		Linux Mint	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://pidgin.im/news/...
DEBIAN: DSA-2859
REDHAT: RHSA-2014:0139
SUSE: openSUSE-SU-2014:0239
UBUNTU: USN-2100-1
SUSE: openSUSE-SU-2014:0326